
fix: 通知验签按app_id查服务商公钥,不再用默认全局配置

alphaH 1 hari lalu
induk
melakukan
a8ed0d3a0d

+ 0 - 2
java/src/main/java/com/payment/platform/module/payment/notification/entity/AlipayNotifyLogEntity.java

@@ -1,7 +1,5 @@
 package com.payment.platform.module.payment.notification.entity;
 
-import com.baomidou.mybatisplus.annotation.FieldFill;
-import com.baomidou.mybatisplus.annotation.TableField;
 import com.baomidou.mybatisplus.annotation.TableName;
 import com.fasterxml.jackson.annotation.JsonRawValue;
 import com.payment.platform.common.base.PaymentBaseEntity;

+ 16 - 1
java/src/main/java/com/payment/platform/module/payment/notification/service/NotificationService.java

@@ -5,6 +5,9 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 
 import com.payment.platform.common.response.PageResult;
 import com.payment.platform.common.utils.RedisLockUtil;
+import com.payment.platform.module.payment.serviceprovider.entity.ServiceProviderEntity;
+import com.payment.platform.module.payment.serviceprovider.mapper.ServiceProviderMapper;
+import cn.hutool.core.util.StrUtil;
 import com.payment.platform.core.alipay.AlipayConfig;
 import com.payment.platform.module.payment.account.mapper.TransferMapper;
 import com.payment.platform.module.payment.enterprise.mapper.EnterpriseMapper;
@@ -47,6 +50,7 @@ public class NotificationService {
     private final QuotaMapper quotaMapper;
     private final OpenapiService openapiService;
     private final AlipayConfig alipayConfig;
+    private final ServiceProviderMapper providerMapper;
     private final RedisLockUtil redisLockUtil;
 
     private static final ObjectMapper oMapper = new ObjectMapper();
@@ -86,8 +90,19 @@ public class NotificationService {
         entry.setReceivedAt(OffsetDateTime.now());
 
         try {
+            // 按通知中的 app_id 查找对应服务商的公钥进行验签
+            String alipayPublicKey = alipayConfig.getAlipayPublicKey();
+            String appId = params.get("app_id");
+            if (StrUtil.isNotBlank(appId)) {
+                ServiceProviderEntity sp = providerMapper.selectOne(
+                        new com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper<ServiceProviderEntity>()
+                                .eq(ServiceProviderEntity::getAppId, appId));
+                if (sp != null && StrUtil.isNotBlank(sp.getAlipayPublicKey())) {
+                    alipayPublicKey = sp.getAlipayPublicKey();
+                }
+            }
             boolean verified = AlipaySignature.rsaCheckV1(params,
-                    alipayConfig.getAlipayPublicKey(), alipayConfig.getCharset(), alipayConfig.getSignType());
+                    alipayPublicKey, alipayConfig.getCharset(), alipayConfig.getSignType());
             entry.setVerifyResult(verified);
             if (!verified) {
                 log.warn("支付宝通知验签失败: notify_id={}", notifyId);
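Review bot: The verification key is now chosen by `app_id`, a field read from the notification before its signature has been checked. When that field is blank, matches no provider, or the provider row has no key, the code silently falls back to `alipayConfig.getAlipayPublicKey()`, which is not what the commit title promises. Failing closed would be safer: treat an unknown or key-less `app_id` as a failed verification (`entry.setVerifyResult(false);` and the same path as the `!verified` branch), or at least log which key source was used so fallbacks show up in the notify log. A valid signature then only proves the message is authentic for that one provider, so the processing after this hunk (not visible here) should presumably also confirm that the referenced order belongs to the provider matching `app_id`. The enclosing method starts and ends outside the hunk.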